In case anyone else gets to this post but has an ssh-agent running, you can use this:

    import (
        "log"
        "net"
        "os"

        "golang.org/x/crypto/ssh/agent"
    )

    if aconn, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK")); err == nil {
        signerFn := agent.NewClient(aconn).Signers
        signers, err := signerFn()
        if err != nil {
            log.Fatalln("ssh: ", err)
        }
        // signers is a slice of the decrypted private ssh keys the agent has access to
    }

Thanks
Diego

On Friday, October 7, 2016 at 4:18:21 PM UTC-4, Pietro Gagliardi (andlabs) wrote:
>
> While waiting for some long-running automated tasks at work to complete, I
> passed the time by writing a simple program using github.com/pkg/sftp to
> automate dumping the latest backups from our backup server onto my computer
> for using them to test other parts of our workflow. I have an encrypted
> id_rsa with a passphrase, which ssh.ParsePrivateKey() doesn't support right
> now. I admittedly don't understand the ssh toolchain enough to know how to
> have ssh prompt for a passphrase without an agent (because I dislike GUI
> agent prompters), and I didn't know (until it was pointed out to me) that
> git was running ssh behind my back (I thought it was producing passphrase
> prompts itself). So I examined the package's source and a few other
> packages to roll together this solution, which works for me:
>
> https://play.golang.org/p/M93Dk9_ufa
>
> import (
>     "crypto/x509"
>     "encoding/pem"
>     "errors"
>
>     "golang.org/x/crypto/ssh"
> )
>
> // Pass the returned ssh.Signer to ssh.PublicKeys() to get its ssh.AuthMethod
> func ParseEncryptedPrivateKey(key []byte, passphrase string) (ssh.Signer, error) {
>     block, _ := pem.Decode(key)
>     if block == nil {
>         // pem.Decode returns a nil block when the input holds no PEM data
>         return nil, errors.New("no PEM block found in key")
>     }
>     key, err := x509.DecryptPEMBlock(block, []byte(passphrase))
>     if err != nil {
>         return nil, err
>     }
>     block.Headers = nil
>     block.Bytes = key
>     return ssh.ParsePrivateKey(pem.EncodeToMemory(block))
> }
>
> My question is: is there any gotcha or caveat about the above that I don't
> know about? Because I'd like to add it to crypto/ssh, to make the lives of
> other people dealing with passphrased keys easier.
>
> Thanks.
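
Added example, not part of the original thread and not code from crypto/ssh: one caveat for the quoted approach is that x509.DecryptPEMBlock only handles legacy RFC 1423 PEM encryption, so a pre-flight check of the container format shows which keys it can and cannot open. `ClassifyPrivateKey` is a hypothetical helper name, it uses only the standard library, and the sample key in `main` is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// ClassifyPrivateKey (hypothetical helper) reports a PEM private key's
// container format and whether it needs a passphrase, without decrypting it.
func ClassifyPrivateKey(data []byte) (format string, encrypted bool, err error) {
	block, _ := pem.Decode(data)
	if block == nil { // pem.Decode returns a nil block for non-PEM input
		return "", false, errors.New("no PEM block found")
	}
	switch {
	case block.Type == "OPENSSH PRIVATE KEY":
		// Body: "openssh-key-v1\0", then a length-prefixed cipher name.
		magic := []byte("openssh-key-v1\x00")
		if !bytes.HasPrefix(block.Bytes, magic) || len(block.Bytes) < len(magic)+4 {
			return "", false, errors.New("malformed openssh-key-v1 body")
		}
		rest := block.Bytes[len(magic):]
		n := binary.BigEndian.Uint32(rest)
		if uint64(n) > uint64(len(rest)-4) {
			return "", false, errors.New("truncated cipher name")
		}
		return "openssh-key-v1", string(rest[4:4+n]) != "none", nil
	case block.Type == "ENCRYPTED PRIVATE KEY":
		return "pkcs8", true, nil
	case strings.HasSuffix(block.Type, "PRIVATE KEY"):
		// Legacy RFC 1423 encryption, the only kind x509.DecryptPEMBlock
		// handles, is signalled by headers rather than by the block type.
		_, hasDEK := block.Headers["DEK-Info"]
		enc := hasDEK && strings.HasPrefix(block.Headers["Proc-Type"], "4,ENCRYPTED")
		return "legacy-pem", enc, nil
	}
	return "", false, fmt.Errorf("unexpected PEM type %q", block.Type)
}

func main() {
	// Constructed sample: legacy headers, placeholder body, not a real key.
	hdr := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-128-CBC,00112233445566778899AABBCCDDEEFF"}
	sample := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Headers: hdr, Bytes: []byte("constructed")})
	fmt.Println(ClassifyPrivateKey(sample))
}
```

Only the "legacy-pem" encrypted case is something the quoted ParseEncryptedPrivateKey can open; current golang.org/x/crypto/ssh also provides ssh.ParsePrivateKeyWithPassphrase for passphrase-protected keys.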